Many say that one should take measure to protect oneself from thieves who would steal personal data. But what happens if the government wants to outlaw it in the name of what is being called “security”? Such is a recent discussion as elements in the US government want to outlaw various types of encryption according to a report:
End-to-end encrypted messaging is a major issue for law enforcement—as the world shifts from easy to crack (for governments) cellular SMS messaging to various flavors of IP messaging, such as WhatsApp, iMessage, Signal and Wickr, governments are exploring their options. The challenge is that such services are provided by technology companies, mostly based in the U.S., making them to a large extent out of reach from lawmakers elsewhere. The messaging services run “over the top,” meaning they are not tied directly to the provider of the network or the phone.
All of which means that the powerbroker here, as in most things tech, is the U.S. government. Which is why when Politico reported that “senior Trump administration officials met on Wednesday [June 26] to discuss whether to seek legislation prohibiting tech companies from using forms of encryption that law enforcement can’t break,” it was of real significance, “a provocative step that would reopen a long-running feud between federal authorities and Silicon Valley.”
“Technology is moving fast, and privacy needs to move with it,” Joel Wallenstrom—the CEO of uber-secure messaging platform Wickr—told me. “These are all completely legitimate, understandable even predictable concerns coming from law enforcement and elsewhere.”
Politico cited several unnamed sources in reporting that “the encryption challenge, which the government calls ‘going dark,’ was the focus of a National Security Council meeting Wednesday morning that included the No. 2 officials from several key agencies.” The discussion focused on the lockdown of messaging apps, billed as “a privacy and security feature,” which “frustrates authorities investigating terrorism, drug trafficking and child pornography.”
The challenge for governments, the U.S. included, is that the privacy of messaging has become a central theme in the ongoing debate around privacy, data security and information integrity. People around the world are shifting from public social media posting to closed groups, and messaging platforms have been a major driver of that. Even Facebook has put messaging security and privacy at the center of its new strategy.
“We hope there is really productive dialog and problem-solving,” Wallenstrom told me, speaking before the NSC news broke. In his view, “lines in the sand” and “folded arms” on the part of governments need to be avoided, with China, North Korea and Iran “not the countries we want to emulate as far as technology is concerned.”
The example of WeChat in China is especially relevant, where the authorities monitor message traffic on a fairly open basis, with immediate sanctions for misbehavior.
As the 30th anniversary of Tiananmen Square approached, it was reported that WeChat users found “keywords or pictures related to the event have been almost instantaneously deleted, with their posters sometimes summarily blocked. On the days of the anniversary itself, users were not even able to change their avatars.”
And there were many similar stories from the recent public protests in Hong Kong.
“We hope this [end-to-end encrypted] technology will exist,” Wallenstrom said, “that it’s not blockable… That there are providers of this technology that want to work through these issues and tackle the smart path forward and don’t become binary and say we won’t work with [governments] to work through these debates.”
There is no single point of view within the U.S. government on this issue, and even “a well-known fault line on encryption within the executive branch,” as reported by Politico. “The DOJ and the FBI argue that catching criminals and terrorists should be the top priority, even if watered-down encryption creates hacking risks. The Commerce and State Departments disagree, pointing to the economic, security and diplomatic consequences of mandating encryption ‘backdoors’.”
And DHS can see both sides of the debate even within itself. “The Cybersecurity and Infrastructure Security Agency know the importance of encrypting sensitive data, especially in critical infrastructure operations, but ICE and the Secret Service regularly run into encryption roadblocks during their investigations.”
Wallenstrom referenced the San Bernardino terrorist attack in 2015, which pitched DOJ against Apple to gain access to the iPhone of one of the attackers. And Politico did the same. For governments, terrorism, child trafficking and elements of serious organized crime become something of a trump card when tackling the public debate on privacy, the ultimate “yes, but.”
Earlier this month, a coalition of technology companies, privacy experts and human rights groups published an open response to a discussion document from U.K. spy agency GCHQ that suggested the idea of a ghost protocol to enable “an extra end” in end-to-end encrypted messaging, allowing governments (when required) to listen in.
The response from the likes of Apple, Microsoft, Google and WhatsApp was blunt: “It would undermine the authentication process… introduce potential unintentional vulnerabilities, increase risks that communications systems could be abused or misused… It will not matter that conversations are protected by encryption. Communications will not be secure.”
“The ghost protocol idea has been proven over and over to be unsustainable,” Wallenstrom told me. “Deciding who gets access to this kind of [intercept] technology means we’re in the business of determining who’s good and who’s bad.” He also pointed out that removing privacy protections opens up content so the platforms themselves can “go snooping through user data.”
And if the U.S. does start to genuinely debate such legislation, the backlash will escalate quickly. It is one thing to moderate the content shared on social media, quite another to bring total user privacy to an end. But for law enforcement and national security, there are genuine concerns. Where there are terrorists hiding from the authorities on platforms like Telegram there is a serious public interest issue. On this one, cliche or not, there really are no easy answers.
“I believe the future of communication,” Facebook CEO Mark Zuckerberg wrote in March, “will shift to private, encrypted services where people can be confident what they say to each other stays secure and messages and content won’t stick around forever.”
Now the question should not be if said encryption technologies have already been hacked or not. The Wikileaks documents already suggest this, as it notes that virtually all major technologies, if not already forcibly hacked by the professionals at the government (who have an unlimited budget), is built with flaws in it already in order that it may be exploited by the various agencies at a later date.
The question is one of principle.
Indeed, even if such encryption is not “wholly secure”, no system fully is completely foolproof. It is the concept that one is, theoretically, able at a certain time to have the “best available” security available that acts as a barrier against attacks, and that it is available to all people.
Banning various forms of security does nothing for the actual “Security” of a person or a nation. Rather, it is a sign of external control being forced upon them by people who do not want them to protect their information (in spite of what is said) because such people want to spy on all people at all times. This is not the sign of a “free” society at all, but a police state
Many will talk about the Stasi of East Germany, or the KGB in Russia, or the infamous Chinese secret police that went about spying, manipulating, and stealing all people’s data and personal information and using it against them.
What one may see here in the US is perhaps even worse, because of technological advances but also the non-direct application of violent force.
What is more effective at coercing a population, generally speaking, into submission? Is it brute force, or is it voluntary submission by a series of culturally-agreed upon beliefs that generate the same effect? Clearly it is the latter, for the former know they are slaves, while the latter do not necessarily know they are, but live in the illusion of freedom while being in bondage.
Such it is here in modern times, where freedom is increasingly appearing to be a form of slavery more advanced in its execution yet no less evil than its historical counterparts.
China may beat people into concentration camps and make them sing songs in praise of the state, but such people for the most part know the evils of it and know they are in captivity. It cannot be said so for the man who supports “protecting society against those terrorists” while stuffing his face with a hot dog at a baseball game where artificial intelligence computers scan and gather the most personal types of data on all people, putting it into a computer as the band plays “God Bless America” to the unified voice of the thousands in the stadium before the pitcher arises to make his first throw against the opposing team.